Security News: Microsoft Identifies Nasty New Bug | Provides Windows Patch

by MikeM on October 27, 2008

The last few weeks have seen a significant uptick in security problems. Many of these headaches stem from concern over a new software worm circulating around the Internet. The worm is now being identified as “Gimmiv,” and the problem is serious enough for Microsoft to release a rare emergency Windows security patch – two weeks ahead of its normally scheduled monthly release of updates and patches.

According to PC Magazine, “This vulnerability is one of those rare ones that could result in a true network worm, where a system could be successfully attacked over the network with no user action at all.” The Microsoft advisory states that “Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.” It appears that firewalls, including the default Windows Firewall included in Windows XP and Vista, will block it.

“Antivirus 2008” — It Is Actually Spyware

Another spyware infestation we have seen (and removed) first hand recently includes a series of pop-up windows indicating that you need to take some type of action to protect your system. Some of these pop-ups are very well disguised and look very much like actual Windows Security dialog boxes. This spyware infestation includes “products” with names like “Antivirus 2008,” “Antivirus 2009,” “System Antivirus 2008,” “Windows Antivirus 2008,” “Vista Antivirus 2008” and “Ultimate Antivirus 2008.” Removal of these items is not necessarily an easy or straightforward process.

Some of these pop-ups will explain that you need to pay $49.95 for the full antivirus license — Do Not. This group of spyware is what is known as a Trojan horse and can open up backdoor gateways into infected systems. Once a system is infected, the Trojan can download additional nasty items onto your system from the Internet as well as send your files off to other systems. Having your QuickBooks files sent off to who-knows-where is not a comforting thought.

If you do happen to see any indication of the above-noted spyware “products,” do not click on any of the links. Pop-ups from these items can also include fraudulent error messages, some of which look much like Windows messages. Clicking on any of the links can cause additional pop-ups and/or cause other web sites to load in your browser. Current indications are that this spyware uses what is known as the Zlob Trojan as part of its engine for spreading the infestation. More information is available on the web by searching under any of the “product” names mentioned above.

What To Do — Recommended Actions:

  1. Be sure your Internet security software is up-to-date. Run a manual update in the near future.
  2. Run a full scan of your system after everything is up-to-date.
  3. Install all current Windows patches and updates including Windows XP Service Pack 3 if running XP.
  4. As always, close all other programs before installing Windows updates & patches.
  5. Be sure to use firewall software and not just antivirus software. Firewall software is included in all Internet Security Suites.

{ 2 comments }

Ralph November 10, 2008 at 11:39 pm

I am getting these pop-up windows. McAfee is blocking a file called js/fakealert.ab.dldr. It seems to block this file, but it continually shows up along with the Antivirus 2009 problem you list. What should I do?

MikeM November 11, 2008 at 10:23 am

Ralph,

Your experiences sound consistent with the items described in the post. McAfee has information on removing Antivirus 2009 at: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=149899. Follow all of McAfee’s recommendations and you should be fine.

You will want to clean this up as soon as possible. Since this infection contains a Trojan downloader, it can possibly download additional nasty items onto your system. You may also want to run a complete scan of your system in Safe Mode.

–Mike
